Senior Analyst, Cyber Threat Intelligence Fusion

General information Ref # 22039 Remote? Yes The Opportunity The Senior Cyber Threat Intelligence Fusion Analyst is a valued member of the Information Protection and Risk Management (IPRM) organization. This role is responsible for enabling intelligence-driven security operations through the production of intelligence products that are timely, relevant, and actionable to Ally. You will collaborate with key stakeholders across the organization to enhance and influence their security programs through advanced intelligence solutions. You will have the opportunity to study emerging threats and build forecasts that ultimately translate into improved security controls. Our goal in Cyber Threat Intelligence is to equip the organization with knowledge that enables proactive cyber defense - and we welcome you to join us in that mission. The Work Itself Use Security Information and Event Management (SIEM) tooling to analyze authentication and security telemetry across diverse sources to assess the relevance of threats to the environment and generate viable threat mitigation recommendations. Fuse cyber threat intelligence with enterprise data to generate insights for business, fraud, AML, and security teams that enhance detection and response to cyber-enabled crimes. Deliver influential threat intelligence presentations to diverse audiences that inform tactical, operational, and strategic decision-making. Collect, analyze, and disseminate actionable cyber threat intelligence to influence incident response, vulnerability management, threat hunting, detection engineering, third party risk management, and more. Leverage intelligence tooling to investigate potential threats on the open, deep, and dark web. Research adversary tactics, techniques, and procedures (TTPs) to cyclically perform threat profiling. Translate relevant and emerging adversary TTPs into actionable and durable defense strategies for threat detection and threat prevention. Partner closely with Ally’s red team to enable intelligence-driven threat emulations and simulations. Support Ally’s Security Operations Center (SOC) and Cybersecurity Incident Response Team (CSIRT) during cybersecurity investigations. Collaborate with Ally’s SOC and security engineering teams to develop and mature automated enrichment of Indicators of Compromise (IOCs). Produce processes, playbooks, and procedures to maintain operational resiliency and excellence. Develop automation and orchestration across the cyber threat intelligence lifecycle with PowerAutomate. The Skills You Bring Minimum Qualifications 3+ years of experience High School Diploma or GED equivalent Preferred Qualifications 3+ years in security operations, with at least 1 of those years focused on threat intelligence. Strong understanding of threat intelligence models and frameworks, including Cyber Kill Chain, MITRE ATT&CK, Diamond Model, Pyramid of Pain. Proficient in the use of threat intelligence tooling to perform investigations on the deep, dark, and open web. Expertise in performing Open-Source Intelligence (OSINT) research while maintaining operational security. Advanced working proficiency with SIEM tools in the context of threat intelligence analysis. Foundational understanding of cyber-enabled financial crimes. Broad understanding of security best practices and how to harden controls against adversarial techniques. Confidence in presenting threat intelligence to large and varied audiences. Ability to manage projects and mature programs involving multiple teams with confidence. Equal Opportunity Employer Statement Ally is an equal opportunity employer committed to diversity and inclusion in the workplace. All qualified applicants will receive consideration for employment without regard to age, race, color, sex, religion, national origin, disability, sexual orientation, gender identity or expression, pregnancy status, marital status, military or veteran status, genetic disposition or any other reason protected by law. Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered, if not currently employed by Ally. We are committed to working with and providing reasonable accommodation to applicants with physical or mental disabilities. For accommodation requests, email us at . Ally will not discriminate against any qualified individual who is capable of performing the essential functions of the job with or without reasonable accommodation. #J-18808-Ljbffr